Appraisal Subcommittee; Appraiser Regulation; Temporary Waiver Requests 

Final Rule Summary:
Appraisal Subcommittee; Appraiser Regulation; Temporary Waiver Requests 

NASCUS Legislative and Regulatory Affairs Department
November 21, 2022

The Appraisal Subcommittee (ASC) of the Federal Financial Institutions Examination Council (FFIEC) adopted a final rule amending temporary waiver proceedings, promulgated in 1992 pursuant to Title XI of the Financial Institutions Reform, Recovery, and Enforcement Act of 1989, as amended (Title XI). On January 13, 2022, the ASC published a related proposed rule with a 60-day public comment period.

The final rule adopts the rules of practice and procedure substantially as proposed, with the following modifications:

  • Definition of “Petition” to include State financial institutions’ regulatory agencies as potential petitioners; and
  • Clarification that either a mandatory or discretionary waiver termination requires publication in the Federal Register and that a discretionary waiver termination requires such publication with a 30-day comment period.

Summary

Section §1101.1 of the final rule clarifies the distinction between:

  • A request from a state appraiser regulatory agency (Request for Temporary Waiver in the proposed rule); and
  • Information received from other persons or entities (which could include a state appraiser regulatory agency) is referred to as “Petition” in the proposed rule.

Section §1102.2: Definitions

Petition

The proposed rule failed to include state financial institution regulators in the definition of “petition.” “Petition” in the final rule now includes State financial institution regulatory agencies as a potential petitioner.

Scarcity of Certified or Licensed Appraisers and Significant Delays in the Performance of Appraisals

The final rule retained the proposed definition of scarcity of certified or licensed appraisers and adopted the definition as the number of active certified or licensed appraisers within a State or a specified geographical, political subdivision is insufficient to meet the demand for appraisal services, and such appraisers are difficult to retain.

The final rule also adopted the definition of significant delays in the performance of appraisals which is defined as delays that are substantially out of the ordinary when compared to the performance of appraisals for similarly situated Federally Related Transactions (FRTs) based on factors such as geographic location (e.g., rural versus urban) and assignment type, and the delay is not the result of intervening circumstances outside the appraiser’s control or brought about by the appraiser’s client (e.g., inability to access the subject property).[1]

Section §1102.3: Request for Temporary Waiver

Section 1102.3(a) states that the State Appraisal Agency for the State where temporary waiver relief is sought may file a Request for Temporary Waiver.  Section 1102.3(b) sets out a complete list of requirements for a temporary waiver to be deemed received by the ASC. The list includes:

  1. A written determination by the State Appraisal Agency that there is a scarcity of certified or licensed appraisers leading to significant delays in the performance of appraisal for FRTs or a specified class of FRTs within either a portion of, or the entire State;
  2. The requirement(s) of State law from which relief is being sought;
  3. The nature of the scarcity of certified or licensed appraisers (including supporting documentation, statistical or otherwise verifiable);
  4. The extent of the delays anticipated or experienced in the performance of appraisals by certified or licensed appraisers (including supporting documentation, statistical or otherwise verifiable);
  5. How complaints concerning appraisals by persons who are not certified or licensed would be processed in the event a temporary waiver is granted; and
  6. Meaningful suggestions and recommendations for remedying the situation.

Amendments to paragraph (b) also modify the requirement for a State Appraisal Agency to provide “a specific plan for expeditiously alleviating the scarcity and service delays” to “meaningful suggestions and recommendations for remedying the situation”.  This change recognizes a situation creating scarcity and delay may be outside the control of the State Appraisal Agency.

Amendments to the final rule also include the phrase “supporting documentation, statistical or otherwise verifiable.” A Request for Temporary Waiver should include clear and specific data to support a claim that there is a scarcity of appraisers leading to significant delays in the performance of appraisals for FRTs, or a specified class of FRTs, for either a portion of or the entire State.

The final rule indicates some specific information related to the following could assist the ASC in reviewing a request for a temporary waiver:

  1. Geography – location(s) of the scarcity leading to significant delay.
  2. Transactions – types of FRTs impacted (i.e., property and transaction type(s) and transaction amount(s)).
  3. Time – length of time for waiver requested.

Section 1102.3(b) of the final rule also includes that a Request for Temporary Waiver address how complaints concerning appraisals by persons who are not certified or licensed would be processed in the event a temporary waiver is granted.

Section 1102.3(c) clarifies that a Request for Temporary Waiver will be deemed received for purposes of publication in the Federal Register for notice and comment if the ASC determines that the information submitted meets the requirements of 1102.3(b) detailed above.

Section 1102.3(d) indicates that in the event a request is deemed “not received”, it may be denied in its entirety or referred to the State Appraisal Agency for further action. In either case, the ASC is to provide written notice to the State Appraisal Agency providing an explanation for the determination.

Section §1102.4: Petition Requesting the ASC Initiate a Temporary Waiver Proceeding

For consistency with amendments to Section 1102.2(c) and the definition of “petition,” Section 1102.4(a) has been amended to include State financial institutions’ regulatory agencies as a potential petitioner.  The final rule also clarifies that a petition is a request for the ASC to exercise its discretionary authority to initiate a temporary waiver proceeding. A petition may be filed by the Federal or State financial institutions’ regulatory agencies, the regulated financial institutions, or other persons or institutions with a “demonstrable” interest in appraiser regulation, including a State Appraisal Agency.

Petitions should include:

  1. Information (statistical or otherwise verifiable) to support the existence of a scarcity of certified or licensed appraisers leading to significant delays in the performance of appraisals for FRTs or a specified class of FRTs for either a portion of, or the entire State; and
  2. The extent of the delays anticipated or experienced in the performance of appraisals by certified or licensed appraisers (including supporting documentation, statistical or otherwise verifiable).
  3. A petition may also include meaningful suggestions and recommendations for remedying the situation.

In the event a petition is submitted by a party other than a State Appraisal Agency, the party must promptly provide a copy of its petition to the State Appraisal Agency.  If further action is needed on a petition, the ASC may refer a petition back to the State Appraisal Agency, where the temporary waiver relief is sought for further evaluation, or the ASC may take further action without referring.

Section §1102.5: Order Initiating a Temporary Waiver Proceeding

Under the final rule, the ASC may exercise discretion in determining whether to issue an Order initiating a temporary waiver proceeding in response to a petition, or the ASC may exercise discretion to initiate a proceeding without the submission of a petition.

Section §1102.6: Notice and Comment

Under the final rule, the ASC will:

  • Publish promptly in the Federal Register a notice respecting:
  • A received request for a temporary waiver; or
  • An ASC Order initiating a temporary waiver proceeding

The notice of the request for temporary waiver or ASC Order shall have a 30-calendar day comment public comment period.

Section §1102.7 ASC Determination

The final rule requires the ASC, within 90 calendar days of the date of publication of the notice in the Federal Register, by Order, to grant or deny a waiver, in whole or in part, and upon specified terms and conditions, including provisions for waiver termination.

The Order shall be published in the Federal Register. In the case of an Order approving a waiver, it will only be published upon approval of the FFIEC.

Section §1102.8 Waiver Extension

Under the final rule, the ASC may initiate an extension of a temporary waiver. A State Appraisal Agency may also seek an extension by forwarding an additional written request to the ASC.

Section §1102.9 Waiver Termination

The final rule provides two types of waiver terminations.

  • Mandatory waiver termination: ASC shall terminate a temporary waiver order when the ASC determines that significant delays in the performance of appraisals by certified or licensed appraisers no longer exist.
  • Discretionary waiver termination: The ASC, at any time, may terminate a waiver Order on the finding that the terms and conditions of the waiver order are not being satisfied.

Waiver terminations are to be posted in the Federal Register. Discretionary waiver terminations require a 30-day comment period. If no further action is taken by the ASC, a discretionary waiver termination becomes final 21 calendar days after the close of the comment period.

Summary re: CFPB Consumer Financial Protection Circular 2022-06: Unanticipated Overdraft Fee Assessment Practices

12 CFR Chapter X

The Consumer Financial Protection Bureau (CFPB) has issued Consumer Financial Protection Circular 2022-06, titled “Unanticipated Overdraft Fee Assessment Practices” to respond to a question posed about whether the assessment of overdraft fees under certain instances would be considered an unfair act or practice under the Consumer Financial Protection Act (CFPA), even if the entity complies with the Truth in Lending Act (TILA) and Regulation Z and the Electronic Fund Transfer Act (EFTA) and Regulation E.

The circular became effective on October 26, 2022 and can be found here.

Summary:

The Consumer Financial Protection Act (CFPA) prohibits conduct that constitutes an unfair act or practice.  An act or practice is unfair when: (i) it causes or is likely to cause substantial injury to consumers that is not reasonably avoidable by consumers; and (ii) the injury is not outweighed by countervailing benefits to consumers or to competition.  Overdraft fee practices must comply with TILA, EFTA, Regulation Z, Regulation E and the prohibition against unfair, deceptive and abusive acts or practices in Section 1036 of the CFPA.

According to the circular, overdraft fees assessed by financial institutions on transactions that a consumer would not reasonably anticipate are likely unfair. These unanticipated overdraft fees are likely to impose substantial injury on consumers that they cannot reasonably avoid and that is not outweighed by countervailing benefits to consumers or competition.  The circular highlights potentially unlawful patterns of financial institution practices regarding unanticipated overdraft fees and provides some examples of practices that might trigger liability under the CFPA.  The circular notes that the examples provided are illustrative and not exhaustive.

CISA Guidance Summary: Implementing Phishing-Resistant MFA — Implementing Number Matching in MFA Applications

NASCUS Legislative and Regulatory Affairs Department
November 10, 2022 

The Cybersecurity & Infrastructure Security Agency (CISA), a subordinate agency of the Department of Homeland Security (DHS) released guidance on October 31, 2022, strongly urging all organizations to implement phishing-resistant Multi-Factor Authentication (MFA) to protect against cyber threats. Additionally, CISA recommends using number matching to mitigate MFA fatigue in cases where an organization utilized push-notification-based MFA without a phishing-resistant MFA tool.

Background

CISA, a departmental agency acting as the national coordinator for critical infrastructure security and resilience, issued two fact sheets on October 31, 2022.  The first, Implementing Phishing-Resistant MFA[1], outlines the importance of MFA in authenticating access to systems.  MFA makes use of multiple factors to validate the individual accessing a system, including something you know, something you have, or something you are.  An example of different factors could include a password or pin (you know), biometric facial or fingerprint recognition (you are) and/or use of a digital certificate, specific hardware/software configuration, pin producing token (you have).

The guidance further outlines potential weaknesses utilized by threat actors to overcome such cyber defenses, including:

  • Phishing: A social engineering form in which threat actors utilize email or malicious websites to solicit information or gain access to a machine to gain access to the necessary information to access a protected network.
  • Push Bombing or Push Fatigue: Threat actors bombard a user with push notifications until they “accept” the notification and thereby grant access to the protected network.
  • The exploitation of SS & Protocol Vulnerabilities: Threat actors utilize vulnerabilities in communications systems to transfer control of the user’s phone number to a controlled SIM card.

To address these vulnerabilities, organizations are encouraged to utilize one of the following:

  • FIDO/WebAuthn Authentication: Utilizes physical tokens to authenticate to a device via USB or are hardware embedded into laptops or mobile devices as platform identity authenticators.
  • PKI-based MFA: Public Key Infrastructure utilizes smart cards or digital certificates to validate access to a system through a combination of public and private keys. Keys on the transporting hardware are accessed by a user using a password or pin and are physically connected to the device used to access the application.

The guidance understands such systems require significant infrastructure and provides a further discussion on other, less substantial, MFA tools to utilize to mitigate the potential attack avenues discussed above and how to focus on implementing a phishing-resistant MFA system.

One of the most efficient methodologies to mitigate phishing attacks on MFA discussed includes a process called number matching, the subject of the second fact sheet titled Implementing Number Matching in MFA applications[2].

This fact sheet discusses different types of MFA push prompts in which the authenticating platform provides an additional layer of protection against phishing by requiring entering a pin/password from the identity platform (i.e, your phone) into the application instead of just checking an acknowledgment on the identity platform to gain access.  In this scenario, a threat actor without the phone would not be able to access the application, and a user, fatigued by numerous access requests, cannot inadvertently allow access.

Both fact sheets provide reference material available to further research and implement appropriately hardened systems relating to MFA.

[1] Available at www.cisa.gov/sites/default/files/publications/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf.

[2] Available at www.cisa.gov/sites/default/files/publications/fact-sheet-implement-number-matching-in-mfa-applications-508c.pdf.

Summary re: CFPB Notice and Request for Comment Regarding the CFPB’s Inquiry Into Big Tech Payment Platforms

The Bureau ordered six large technology companies operating payments systems in the United States to provide information about certain of their business practices.  Accompanying the orders, the Director of the Bureau issued a statement and invited interested parties to submit comments to was published in the Federal Register on November 5, 2021.  The Bureau has decided to re-open the comment period for an additional 30 days to gather additional stakeholder comments.

Comments must be received by December 7, 2022, and the notice can be found here.

Summary:

On October 21, 2021, the CFPB ordered six large technology companies operating payments systems in the United States to provide information about certain of their business practices.   The orders were issued to Google, Apple, Facebook, Amazon, Square and Paypal.  The Bureau will also study the practices of the Chinese tech giants that offer payments services, such as WeChat Pay and Alipay.  The Bureau’s inquiry was intended to inform regulators and policymakers about the future of our payments system.  Stakeholders interested in commenting on the notice can find the original notice here.

The Bureau invites all interested parties to submit comments to inform the agency’s inquiry.  In addition, the Bureau is inviting comment on the following questions related to the Bureau’s inquiry:

  • What fees, fines or other penalties do large technology companies assess on users of their payment platforms, including for:
  • Purported violations of the technology companies’ acceptable use policies; or
  • Any other conduct?
  • Do the acceptable use policies for technology companies’ payment platforms include provisions that can restrict access to their platforms? If so, under what circumstances can the technology companies restrict access to their platforms?

Summary re: CFPB Bulletin 2022-06: Unfair Returned Deposited Item Fee Assessment Practices  

12 CFR Chapter X 

A returned deposited item is a check that a consumer deposits into their checking account that is returned to the consumer because the check could not be processed against the check originator’s account.  Blanket policies of charging Returned Deposited Item fees to consumers for all returned transactions irrespective of the circumstances or patterns of behavior on the account are likely unfair under the Consumer Financial Protection Act (CFPA).  The CFPB is issuing this bulletin to notify regulated entities how the Bureau intends to exercise its enforcement and supervisory authorities on this issue.   

The bulletin is effective as of November 7, 2022, and can be found here

Summary:  

The CFPA prohibits covered persons from engaging in unfair acts or practices.  Congress defined an unfair act or practice as one that (i) causes or is likely to cause substantial injury to consumers which is not reasonably avoidable and (ii) such as substantial injury is not outweighed by countervailing benefits to consumers or to competition. Blanket policies of charging “Returned Deposited Item” fees to consumers for all returned transactions irrespective of the circumstances of the transaction or patterns of behavior on the account are likely unfair.   

In addition, fees charged for Returned Deposited Items cause substantial injury to consumers.  In many instances in which fees are charged for these returned items, consumers would not be able to reasonably avoid the substantial monetary injury imposed by the fees.  An injury is not reasonably avoidable unless consumers are fully informed of the risk and have practical means to avoid it.  However, a consumer depositing a check would normally be unaware of and have little to no control over whether a check originator has funds in their account; will issue a stop payment instruction; or has closed the account.  Nor would a consumer normally be able to verify whether a check will clear with the check originator’s depository institution before depositing the check or be able to pass along the cost of the fee to check originator.   

The Bureau notes that it is unlikely that an institution will violate the prohibition if the method in which fees are imposed are tailored to only charge consumers who could reasonably avoid the injury.   

CFPB Summary re: Advisory Opinion on Fair Credit Reporting; Facially False Data
12 CFR Part 1022

The Consumer Financial Protection Bureau (CFPB) issued this advisory opinion to highlight that a consumer reporting agency that does not implement reasonable internal controls to prevent the inclusion of facially false data, including logically inconsistent information, in consumer reports it prepares is not using reasonable procedures to assure maximum possible accuracy under Section 607(b) of the Fair Credit Reporting Act (FCRA).

This advisory opinion became effective on October 26, 2022, and can be found here.

Summary:

The FCRA regulates consumer reporting.  The statute was designed to ensure that “consumer reporting agencies adopt reasonable procedures for meeting the needs of commerce for consumer credit, personnel, insurance, and other information in a manner which is fair and equitable to the consumer, with regard to the confidentiality, accuracy, relevancy, and proper utilization of such information.”  The FCRA was enacted “to protect consumers from the transmission of inaccurate information about them and to establish credit reporting practices that utilize accurate, relevant, and current information in a confidential and responsible manner.”

The Bureau is issuing this advisory opinion to highlight that the legal requirement to follow reasonable procedures to assure maximum possible accuracy of the information concerning the individuals about whom the reports related includes, but is not limited to, procedures to screen for and eliminate logical inconsistencies to avoid including facially false data in consumer reports. The opinion provides a non-exhaustive list of examples of inconsistent account information/statuses and illogical information relating to consumers that could be considered problematic. Finally, the advisory opinion applies to all consumer reporting agencies as defined in FCRA Section 603(f).

Final Rule Summary
FinCEN: Beneficial Ownership Information Reporting Requirements

NASCUS Legislative and Regulatory Affairs Department
October 31, 2022

On September 30, 2022, the Financial Crimes Enforcement Network (FinCEN), issued a final rule, Beneficial Ownership Information Reporting Requirements, implementing the reporting requirements of Section 6403 of the Corporate Transparency Act (CTA)[1]. In conjunction with the final rule, FinCEN also issued a summary Fact Sheet found here.  The final rule requires certain entities to file with FinCEN reports that identify two categories of individuals: the beneficial owners of the entity, and individuals who have filed an application with specified governmental authorities to create the entity or register it to conduct business. This information will be housed within the forthcoming Beneficial Ownership Secure System (“BOSS”), a database currently under development by FinCEN.

The final rule and associated requirements are intended to help prevent and combat money laundering, terrorist financing, corruption, tax fraud, and other illicit activity while minimizing the burden on the entities doing business in the United States.

Summary

The Corporate Transparency Act (CTA) was enacted as part of the Anti-Money Laundering Act (AMLA) of 2020 and is intended to expand and modernize the U.S. government’s ability to collect beneficial ownership information in order to deter money laundering, corruption, tax evasion, fraud, and other financial crime.  The CTA requires FinCEN to:

  1. Implement rules for the reporting of beneficial ownership information (BOI) of legal entities organized or registered to conduct business in the U.S.
  2. Develop protocols for access to, and the sharing of reported BOI
  3. Amend the current Customer Due Diligence (CDD) Rule applicable to financial institutions to account for the new requirements of the CTA

This final rule applies only to beneficial ownership. FinCEN must still issue two additional proposed rulemakings under the CTA addressing items 2 and 3 above related to access and CDD.

The final rule is effective January 1, 2024. Companies required to report that are created or registered prior to the effective date will have a one-year grace period (January 1, 2025) to file their initial BOI reports. Reporting companies created or registered on or after the effective date will have 30 days to file their initial reports with FinCEN. Exempt entities that no longer qualify for exemption under the regulation will be required to file a report within 30 calendar days of the date it no longer meets the exemption criteria.

What is a Reporting Company?

Reporting Companies are both domestic and foreign. The final rule defines each type as follows:

  • Domestic Reporting Companies: Any corporation, limited liability company, or other entity that is created by the filing of a document with a secretary of state or any similar office under the law of a State or Indian tribe[2]; and
  • Foreign Reporting Companies: Any corporation, limited liability company, or other entity, that is formed under the law of a foreign country; and registered to do business in any State or tribal jurisdiction by the filing of a document with a secretary of state or any similar office under the law of a State or Indian tribe.

The CTA sets forth from the definition of “reporting company” twenty-three[3] specific types of exempt entities. Consistent with the proposed rule, categories of exempted entities include:

  • SEC reporting issuers
  • Banks and credit unions
  • Tax-exempt entities
  • MSBs registered with FinCEN
  • Broker-dealers
  • S. government authorities

Also exempt from the final rule are:

  • Large operating companies: employ more than 20 full-time employees in the U.S. and have an operating presence at a physical office within the U.S. and filed a federal income tax or information return in the U.S. for the previous year demonstrating more than $5,000,000 in gross receipts or sales.
  • Inactive entities: in existence on or before January 1, 2020, and meet other requirements[4]
  • Pooled investment vehicles: operated or advised by a qualifying bank, credit union, broker-dealer, investment company, investment adviser, or venture capital fund adviser[5]
  • Subsidiaries: whose ownership interests are controlled or wholly owned, directly or indirectly, by one or more exempt entities subject to exception.
  • Investment companies and investment advisers: registered with the SEC
  • Venture capital fund advisers: that have filed Item 10, Schedule A, and Schedule B of Part 1A of Form ADV, or any successor thereto, with the SEC.

What information must be reported?

As previously discussed, domestic or foreign entities registered after January 1, 2024, must file an initial report with FinCEN within 30 days after formation or registration while reporting companies registered prior to the January 1, 2024, effective date will have a one-year grace period.

Reporting Companies

The initial report must include the following about the reporting company in order to comply with the rule:

  • Full name and address;
  • Trade or fictitious names used;
  • Address of the principal place of business
  • Jurisdiction of formation or, in the case of a foreign company, jurisdiction in which first registered; and
  • Taxpayer Identification Number (TIN), or where a foreign reporting company has not been issued a TIN, a tax identification number issued by a foreign jurisdiction.[6]
  • Beneficial Owners and Company Applicants

The initial report must also include the following information about each beneficial owner and company applicant:

  • Full legal name;
  • Date of birth;
  • Current address;
  • A unique identifying number from a non-expired passport, driver’s license, government-issued ID, or identification document issued by a State or local government or tribe; and
  • An image of the document showing the unique identifying number.

A FinCEN unique identifier may also be obtained. A FinCEN identifier issued by FinCEN to individuals and reporting companies and an individual may apply for a unique identifier if the individual submits to FinCEN the same four pieces of identifying information as required for the BIO report.

It is noted that obtaining a unique identifier may reduce the burden on reporting companies on keeping BOI up to date as well as mitigate privacy concerns inherent with document retention.

Beneficial Owners

Similar to the current CDD rule, the BOI final rule requires the reporting of beneficial ownership concerning (1) beneficial owners; and (2) company applicants of the reporting company

  • The term “beneficial owner” is defined in terms of both ownership and control, similar to that of the current CDD rule.
  • “Ownership” is defined as any individual who, directly or indirectly, exercises substantial control over a reporting company or who owns or controls at least 25% of the ownership interests of a reporting company.

Substantial Control

The final rule establishes three specific, yet broad, indicators of substantial control. “Substantial Control” includes:

  • Serves as a senior officer of a reporting company (not including those who serve as a corporate secretary or treasurer);
  • Has authority over the appointment or removal of any senior officer or a majority of the board of directors;
  • Directs, determines, or has substantial influence over important influence over important decisions made by a reporting company[7] or;

The final rule also indicates that an individual may directly, or indirectly, including as a trustee of a trust or similar arrangement, exercise substantial control over a reporting company through:

  • Board representation;
  • Ownership or control of a majority of the voting power or voting rights of a reporting company;
  • Rights associated with any financing arrangement or interest in a company;
  • Control over one or more intermediary entities that separately or collectively exercise substantial control over a reporting company
  • Arrangements or financial or business relationships, whether formal or informal, with other individuals or entities acting as nominees; or
  • Any other contract, arrangement, understanding, relationship, or otherwise.

Company Applicants

In addition to beneficial owners, the reporting company must also report the “company’s applicant.” A “company applicant” is defined as the individual who directly files the document to create or register the reporting company and the individual who is primarily responsible for directing or controlling such filling if more than one individual is involved in the filing.

This requirement is only applicable to reporting companies created or registered on or after the January 1, 2024, effective date.

Certification

Under the final rule, each reporting company is required to certify that its report or application is true, correct, and complete. The final rule also clarifies that the certification requirement applies to any report or application submitted to FinCEN pursuant to 31 CFR 1010.380(b), such as an application for a FinCEN ID, not just to a BOI report submitted by a reporting company.[8]  Under the final rule, each reporting company will certify that its report or application is true, correct, and complete. FinCEN recognized in the final rule that much of the information required to be reported about beneficial owners and applicants will be provided to reporting companies by those other individuals. However, the structure of the CTA deliberately places the responsibility for reporting this information on the reporting company itself.

While an individual may file a report on behalf of a reporting company, the reporting company is ultimately responsible for the filing. The same is true of the certification. Under the final rule, the reporting company is required to make the certification and any individual who files the report as an agent of the reporting company will certify on the reporting company’s behalf.

Timing Requirements

As previously discussed, the final rule imposes specific timing requirements for the filing of BOI reports as well as updates and corrections to information submitted. Newly created entities (domestic and foreign reporting companies) must file the initial BOI reports within 30 days after formation or registration. Existing reporting companies have until January 1, 2025, to file with FinCEN.

Reporting companies must also update information in a timely manner as well as correct any inaccurate information filed in the BOSS. The final rule requires an updated report to be filed within 30 days after any change in the information reported to FinCEN. This includes any change in beneficial ownership information as well as any change in previously reported beneficial ownership or company applicant. Additionally, the final rule requires a corrected report must be filed within 30 days after the reporting company becomes aware of any inaccuracies.

[1] See NDAA for Fiscal Year 2021, H.R. 6395, 116th Congress (2020) Sec. 6401-6403.

[2] FinCEN believes this definition will exclude many sole proprietorships, trusts, and general partnerships, subject to applicable State or tribal law.

[3] See 31 U.S.C. 5336(a)(11)(B)(i)–(xxiii)

[4] FR, Vol. 87, No.189, p. 59545

[5] FinCEN further notes that the term “pooled investment vehicle” encompasses a wide variety of investment products with a wide range of names and structures, which present a range of risk profiles. It is accordingly impracticable for FinCEN to prospectively opine on the applicability of the exemption to specific structures that may not carry the name “pooled investment vehicle.” However, as a general principle, FinCEN notes that a vehicle’s eligibility for this exemption does not hinge on its nominal designation, but rather on whether the vehicle or entity satisfies the elements articulated in the final regulatory text.

[6] The proposed rule did not require that reporting companies provide the TIN

[7] Including decisions regarding: (1) The nature, scope, and attributes of the business of the reporting company, including the sale, lease, mortgage, or other transfer of any principal assets of the reporting company;

(2) The reorganization, dissolution, or merger of the reporting company;

(3) Major expenditures or investments, issuances of any equity, incurrence of any significant debt, or approval of the operating budget of the reporting company;

(4) The selection or termination of business lines or ventures, or geographic focus, of the reporting company;

(5) Compensation schemes and incentive programs for senior officers;

(6) The entry into or termination, or the fulfillment or non-fulfillment, of significant contracts;

(7) Amendments of any substantial governance documents of the reporting company, including the articles of incorporation or similar formation documents, bylaws, and significant policies or procedures;

 

[8] 31 CFR 1010.380(b)

Rule Summary: FRB 12 CFR Part 235; Regulation II; Debit Card
Interchange Fees and Routing

NASCUS Legislative and Regulatory Affairs Department
November 1, 2022

The Board of Governors adopted a final rule amending Regulation II Debit Card Interchange Fees and Routing [1] on October 11, 2022. The final rule specifies the requirement that each debit card transaction must be able to be processed on at least two unaffiliated payment card networks applies to card-not-present transactions, clarifies the requirement that debit card issuers ensure that at least two unaffiliated networks have been enabled to process debit card transactions, and standardizes and clarifies the use of certain terminology.

Amendments to Regulation II become effective July 1, 2023.[2]

Background

The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) was enacted on July 21, 2010[3], amending the Electronic Fund Transfer Act (EFTA) (15 U.S.C. 1693 et seq.) to add a new section 920.  EFTA Section 920 directed the board to prescribe regulations that limit restrictions issuers and payment card networks (networks) may place on the processing of debit card transactions. These requirements included prohibiting exclusivity arrangements with networks for debit card transaction processing and prohibiting issuers or networks from restricting the ability of a merchant to choose among networks enabled to process debit card transactions

As a result of these changes the Board of Governors promulgated Regulation II in July 2011[4], including Sections 235.7(a) and (b).

On May 13, 2021, the Board proposed to amend Regulation II’s prohibition on network exclusivity to clarify that debit card issuers should enable at least two unaffiliated networks for card-not-present debit card transactions.[5]

The Board received slightly more than 2,750 comment letters in response to the proposal including 1,700 from debit card issuers (all depositories or related trade associations, approximately 1,000 from merchants and related trades organizations, five network providers, three federal agencies, three government officials and approximately 40 from interested consumers or consumer groups.  Approximately 2,600 of the letters were one of 11 form letters.

Summary

The Board adopted amendments to §235.7(a)(2) and the commentary of Appendix A to §235.7(a) substantially consistent with the initial proposal but with modest changes to address issues raised by commenters.

Specifically, §235.7(a)(2) of the final rule provides that an issuer satisfies the prohibition on network exclusivity only if the issuer enables at least two unaffiliated networks to process an electronic debit transaction, where such networks satisfy two requirements:

  • The enabled networks in combination must not, by their respective rules or policies or by contract with other restrictions imposed by the issuer, result in the operation of only one network or only multiple affiliated networks for a geographic area, specific merchant, particular type of merchant, or particular type of transaction.
  • The enabled networks must have each taken steps reasonably designed to be able to process the electronic debit transactions that they would reasonably expect will be routed to them based on the expected volume.

The notice states that the Board believes §235.7(a)(2) final language clarifies the requirement to “enable” at least two unaffiliated networks.

The Board also adopted amendments to Appendix A to Part 235 Official Board Commentary on Regulation II to clarify that §235.7(a) does not require an issuer to ensure that two or more unaffiliated networks will be available to the merchant to process every electronic debit transaction.  To comply with §235.7(a) it is sufficient for an issuer to configure each of its debit cards so that each electronic debit transaction performed with such card can be processed on at least two unaffiliated networks, even if the networks that are actually available to the merchant for a particular transaction are limited by other factors, including card acceptance technologies that a merchant adopts or the networks that the merchant accepts.

Finally, the Board adopted other non-substantive changes to terminology outside the aforementioned amendments to Append A to Part 235 Official Board Commentary on Regulation II to Part 235.7(b).

[1] Federal Register announcement can be found at https://www.federalregister.gov/documents/2022/10/11/2022-21838/debit-card-interchange-fees-and-routing

[2] Section 302 of the Riegle Community Development and Regulatory Improvement Act, Pub. L. 103–325, requires that amendments to regulations prescribed by a federal banking agency that impose additional requirements on insured depository institutions must take effect on the first day of a calendar quarter that begins on or after the

date of publication in the Federal Register. 12 U.S.C. 4802. Consistent with this requirement, the effective date of the final rule is July 1, 2023.

[3] Public Law 111–203, 124 Stat. 1376 (2010)

[4] Regulation II, Debit Card Interchange Fees and Routing, codified at 12 CFR part 235. Regulation II also implements a separate provision of EFTA section 920 regarding debit card interchange fees.

[5] 86 FR 26189 (May 13, 2021). The original proposal requested public comment by July 12, 2021, but the Board later extended the comment period an additional 30 days to August 11, 2021. 86 FR 34644 (June 30, 2021).

Treasury Request for Comment Summary: Federal Insurance Response to Catastrophic Cyber Incidents

In response to a Government Accountability Office report, the Federal Insurance Office in the Department of Treasury issued a notice requesting comment from the public on whether there should be a federal insurance response related to cyber insurance and catastrophic cyber incidents.

Comments are due by November 14, 2022, and the notice can be found here.

Summary

The Government Accountability Office (GAO) issued a report in June 2022 recommending that the Federal Insurance Office (FIO) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) conduct a joint assessment to determine “the extent to which risks to critical infrastructure from catastrophic cyber incidents and potential financial exposures warrant a federal insurance response.”

The FIO is seeking public comment as to whether a federal insurance response to “catastrophic” cyber incidents may be warranted, as well as how such an insurance response should be structured and other related issues.  The FIO is also seeking comment on issued concerning the risks of catastrophic cyber incidents to critical infrastructure, the potential quantification of such risks, the extent of existing private market insurance protection for such risks, whether a federal insurance response is warranted, and how such a federal insurance response, if warranted, should be structured.

The FIO seeks feedback on a number of topics such as:

  • Catastrophic cyber incidents
    • Nature of Event
    • Measuring financial and insured losses
    • Cybersecurity Measures
  • Potential Federal Insurance Response from Catastrophic Cyber Incidents
    • Insurance Coverage Availability
    • Data and Research
    • Federal Insurance Response
    • Potential Structures for Federal Insurance Response
    • Potential Models
    • Participation
    • Scope of Coverage
    • Cybersecurity Measures
    • Moral Hazard
    • Risk Sharing
    • Reinsurance/Capital Markets
    • Funding
    • Evaluation/Data Collection
    • Limitations
  • Effects on cyber insurance market

 

Summary re: Department of Homeland Security’s Request for Information on the Cyber Incident Reporting for Critical Infrastructure Act of 2022

CISA issued a Request for Information to receive input from the public as CISA develops proposed regulations required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).

RFI comments are due by November 14, 2022, and the Federal Register notice can be found here.

Summary:

CIRCIA directs CISA to develop and oversee the implementation of regulations requiring covered entities to submit reports detailing covered cyber incidents and ransom payment CISA.  CIRCIA requires CISA to publish a Notice of Proposed Rulemaking (NPRM) within 24 months of the date of enactment of CIRCIA.

CISA is interested in receiving public input on potential aspects of the proposed regulation prior to publication of the NPRM and is issuing this RFI as a means to receive that input. CISA is seeking input on all aspects of CIRCIA’s regulatory requirements but is particularly interested in input on definitions for and interpretations of the terminology to be used in the proposed regulations; the form, manner, content, and procedures for submission of reports required under CIRCIA; information regarding other incident reporting requirements including the requirement to report a description of the vulnerabilities exploited; and other policies and procedures, such as enforcement procedures and information protection policies, that will be required for the implementation of the regulations.

The notice contains a list of topics CISA believes inputs would be particularly useful in developing a balanced approach to implementing the regulatory authorities Congress assigned to CISA under CIRCIA.

 

 

CFPB Summary: Request for Information Regarding Mortgage Refinances and Forbearances

The Consumer Financial Protection Bureau (CFPB) is seeking comment from the public about (i) ways to facilitate mortgage refinances for consumers who would benefit from refinancing, especially consumers with smaller loan balances; and (ii) ways to reduce risks for consumers who experience disruptions in their financial situation that could interfere with their ability to remain current on their mortgage payments.

Comments are due on the RFI no later than November 28, 2022. The RFI can be found here.

Summary:

The Bureau is requesting information about (i) ways to facilitate residential mortgage loan refinances for borrowers who would benefit from refinances, especially borrowers with smaller loan balances; and (ii) ways to reduce risks for borrowers who experience disruptions that could interfere with their ability to remain current on their mortgage payments.

The Bureau looks at a number of possible means to facilitate beneficial refinancing:

  • Targeted and streamlined refinance programs – programs used to refinance programs through reduced underwriting and documentation requirements, typically with lower transaction costs than traditional refinances. These programs are generally aimed at lowering interest rates and monthly payments for consumers who may otherwise be unlikely or unable to refinance.
  • New Products to Facilitate Beneficial Refinances – Some creditors have introduced mortgage products designed generally to promote beneficial refinances such as offering reduced closing costs on future refinancing with the same creditor or “auto-refi” mortgages.
  • Forbearances/Other Loss Mitigation – the Bureau discussed the benefits of forbearance/loss mitigation programs like the CARES Act and similar forbearance programs offered by private companies.

Request for Comment:

The Bureau welcomes comments from consumers, creditors, and other stakeholders including the submission of descriptive information about experiences of people participating in the mortgage market.

Barriers to Refinancing

  • What barriers may prevent consumers from accessing falling interest rates through refinancing and what solutions could lower those barriers, particularly for consumer with smaller loan balances?
  • Are there particular issued in obtaining refinances or would any particular approaches be more effective for certain types of homeowners, such as servicemembers, older adults, and first-time homeowners?
  • To what extent do large fixed costs of refinancing and limited profitability for smaller loan balances limits beneficial refinances?
  • What potential policies could lower costs for beneficial refinances?
  • How much do common risk-based underwriting factors like credit scores and loan to value ratios account for the differences in refinancing rates across the population?
  • To what extent do the types of creditors offering refinance products in particular geographic areas affect refinancing rates in some areas and for some consumers?
  • To what extent are refinancing rates affected by potential barriers that may be more difficult to quantify, including borrowers’ shopping behavior, trust of financial institutions, or the complexity and documentation involved in the refinancing process?
  • To what extent do consumers in rural areas face limited opportunities for refinances and what are the factors, including smaller loan balances, that may limit refinance opportunities for those consumers?

 

Targeted and Streamlined Refinances

 

  • How can the Bureau support industry efforts to facilitate beneficial refinances through targeted and streamlined refinance programs?
  • What are the current barriers to widespread use or promotion of existing refinance programs and, relatedly, what features of refinance programs are important to promoting widespread use?
  • What protections should be included in refinance programs to ensure consumer benefit, such as requirements for a lower interest rate and monthly payments, loan term limits, limits on serial refinancing, and requirements to refinance the consumer into a more stable mortgage product?
  • Should the Bureau’s rules, including the ART-QM rule, be amended to encourage beneficial refinances while preserving important protections for consumers? If so, how? What are the risks/benefits of doing so?
  • What are the risks and benefits of removing or modifying the current ATR-QM requirement that a creditor must consider and verify a consumer’s income or assets relied on in making the loan in the context of a refinance program?

Potential New Products to Facilitate Refinances

  • What products/programs have lenders introduced to attempt to facilitate refinances for borrowers who would benefit from refinancing? What are the advantages and disadvantages of these products and programs?
  • What are the potential benefits and drawbacks of auto-refi mortgages and one way ARMs?
  • Could creditors feasibly market and price auto-refi mortgages and one-way ARMs?
  • How could creditors most effectively structure auto-refi mortgages?
  • How could creditors most effectively structure one way ARMs?
  • How could these products be designed to minimize risks to consumers?
  • Under what market conditions should an auto-refi mortgage automatically refinance?
  • Under what market conditions should the rate of one-way ARM change?
  • Should these conditions be regulated or left to market forces?
  • Do any market factors or practical difficulties, including secondary market liquidity and mortgage-backed securities (MBS) investor interest, preclude the development of auto-refi mortgages or one-way ARMs? How would these or similar products impact the MBS market?
  • Should the Bureau amend the ATR-QM rule or other regulations to permit or encourage creditors to offer auto-refi mortgages or one-way ARMs? If so, how?
  • Are there any other new products that creditors could feasibly develop that would allow more borrowers to receive the benefits of reduced mortgage interest rates?
  • Would these products be prohibited or discouraged by existing regulations promulgated by the Bureau?
  • Should the Bureau (or other Federal regulators) amend regulations to permit or encourage the development of these products?
  • Are there other legal impediments or policies that may deter the introduction of auto-refi mortgages, one way ARMs, or other new products that could facilitate beneficial refinances?

Forbearances/Other Loss Mitigation

  • What are the benefits and drawbacks of automating and streamlining short and long-term loss mitigation offers?
  • If such automation and streamlining of loss mitigation offers is incorporated within new mortgage products:
    • How should such products be structured?
    • How and where should such features be established?
  • Under what circumstances should short or long-term loss mitigation solutions be offered automatically? For example, should forbearance be offered automatically upon the declaration of a national emergency or presidentially declared disaster, when unemployment rates in the consumer’s locality reach a certain level, when a borrower loses their job, when a co-borrower on the loan dies, or under other circumstances? What factors should be considered regarding these circumstances? Should any documentation from the consumer be required in any of these circumstances?
  • For short-term loss mitigation solutions, such as forbearance, to what extent is there tension between the goal of offering meaningful immediate payment relief and the goal of ensuring that the balance owned does not grow so large as to make long-term loss mitigation solutions difficult to achieve? Should there be a maximum solution and, if so, what is the appropriate maximum length?
  • What impact would the Bureau’s mortgage servicing regulations, such as those relating to communications with delinquent borrowers, the Bureau’s regulatory definition of delinquency, and the loss mitigation process in general, have on automating and streamlining short and long-term loss mitigation offers?
  • What changes, if any, should be considered relating to the impact that forbearances and other short-term loss mitigation solutions would have on a consumer’s credit reporting?
  • Should standards be set to ensure affordability of long-term loss mitigation solutions? If so, what features of a long-term loss mitigation solution would best help ensure long-term affordability? For example, would term extension, limits on monthly payment increases, or principal forgiveness assist with the goal of long-term affordability?
  • When considering the potential automation and streamlining of short and long-term loss mitigation offers, would there be advantages or drawbacks if more creditors retained servicing of the mortgage loans they originate? Do payment relief advantages exist when an original creditor retains servicing of a mortgage loan? If so, should the Bureau consider ways to encourage originators to retain the servicing of mortgage loans?
  • When considering the potential automation and streamlining of short and long-term loss mitigation offers, are there particular issues or would any particular approaches be more effective for certain types of homeowners, such as servicemembers, older adults, and first-time homeowners?
  • Other than the mortgage products already mentioned in this RFI, are there other mortgage products or features of mortgage products that could help borrowers weather various financial shocks? What are the advantages or drawbacks of those mortgage products or features of mortgage products?
  • Are there other options not mentioned in this RFI that could help achieve the goal of reducing risk for homeowners who are facing financial hardship? If so, what are those options?

Notice of Proposed Rulemaking and Request for Comment
NCUA: Subordinated Debt

NASCUS Legislative and Regulatory Affairs Department
October 5, 2022

At the September 22, 2022, NCUA Board meeting, the Board approved for comment a proposed rule that would amend the Subordinated Debt rule (the Current Rule), which the Board finalized in December 2020 with an effective date of January 1, 2022. The proposal would make two changes related to the maturity of Subordinated Debt Notes and Grandfathered Secondary Capital (GSC).

The proposed rule also includes four other minor modifications to the current subordinated debt rule. The proposed rule in its entirety can be found here. Comments are due December 5, 2022.

Summary

At the December 2020 NCUA Board meeting, the Board issued a final Subordinated Debt rule. This rule permitted Low Income Credit Unions (LICUs), complex credit unions, and new credit unions to issue Subordinated Debt for purposes of Regulatory Capital treatment. This rule also included a provision providing any secondary capital issued by LICUs under previously effective 12 CFR §701.34(b)[1], would be considered GSC. This rule also contained a provision requiring notes to have a minimum maturity of five years and a maximum maturity of 20 years.

After the issuance of this final rule, Congress passed the Consolidated Appropriations Act of 2021. The Consolidated Appropriations Act created the Emergency Capital Investment Program (ECIP), in which Congress appropriated funds and directed Treasury to make investments in “eligible institutions” to support their efforts to “provide loans, grants, and forbearance for small businesses, minority-owned businesses, and consumers, especially in low-income and underserved communities.”

Under Treasury’s terms, credit unions eligible to participate in the ECIP program were permitted to apply to NCUA for secondary capital treatment. Treasury offered 15 or 30-year maturity options for the investments.

In October 2021, NCUA issued LTCU 21-CU-11 permitting LICUs participating in ECIP to issue 30-year subordinated debt instruments. In December 2021, the Board issued a final amendment to the Current Rule permitting secondary capital to be considered GSC regardless of the actual issuance date provided a secondary capital issuance was:

  • To the U.S. Government; and
  • Secondary Capital application was approved before January 1, 2022, under §701.34 or §741.203[2] for federally insured state-chartered credit unions.

Due to the conflict between the 20-year maximum term for regulatory capital treatment for GSC under the Current Rule and the 30-year maturity under ECIP, the NCUA conducted a study. Based on the research findings, the board is proposing the following amendments.

Proposed Rule Provisions

Specifically, the Board is proposing revisions to §702.401(b) to permit GSC to receive Regulatory Capital treatment for a period of 30 years from the later date of issuance or January 1, 2022. This change would:

  • Align the Regulatory Capital treatment with the maximum permissible maturity for secondary capital issued under the ECIP.
  • Align the Regulatory Capital treatment across all GSC. This alignment would provide flexibility to LICUs with GSC that have a maturity longer than 20 years while striking a balance between transitioning issuers of GSC to the Current Rule and ensuring that instruments do not indefinitely remain GSC.

In place of the 20-year maximum maturity, the proposal would instead require a credit union to provide certain information under §702.408 when applying to issue Notes with maturities longer than 20 years from the date of issuance. To demonstrate the issuance is debt, the proposal includes a new paragraph in §702.408(b) requiring a credit union applying to issue Notices with maturities longer than 20 years to submit, at the discretion of the appropriate supervisory office, one or more of the following:

  • A written legal opinion from Qualified Counsel;
  • A written opinion from a licensed CPA; and
  • An analysis conducted by the credit union or independent third party.

The proposal notes, while unlikely, it is still possible a legal or CPA opinion may be necessary to fully ensure that a Note would be considered debt irrespective of the degree to which the maturity exceeds 20 years.

The Board is proposing four additional modifications to the Current Rule. The proposed amendments include:

Amending the definition of “Qualified Counsel” to clarify that such a person(s) is not required to be licensed to practice law in every jurisdiction that may relate to the issuance of subordinated debt. Specifically, the change would specify that a “Qualified Counsel” is:

  • Licensed to practice law;
  • Has expertise in the areas of Federal and state securities laws and debt transactions similar to those described in the Current Rule; and
  • Qualified to provide sufficient advice to a credit union to comply with the requirement in §702.406(f) that an Issuing Credit Union must comply with all applicable Federal and state securities laws.

Therefore, the proposal would remove “in the relevant jurisdiction(s)” from the definition of “Qualified Counsel.” It is important to note that issuing credit unions must comply with all Federal and state securities laws

Remove the “statement of cash flow” from the Pro Forma Financial Statements requirement and replace it with a requirement for “cash flow projections.” This proposed change would better align the requirements of the current rule with the customary way credit unions develop Pro Forma Financial Statements and “cash flow projections.”

Revise the section of the current rule on filing requirements and inspection of documents. This change would align the NCUA rule with current agency procedures and would specifically:

  • Remove the phrase “inspection of documents” as the Board believes FOIA is the appropriate mechanism for requesting Subordinated Debt applications and documents.
  • Replace the current requirement that a credit union submit all applicable documents via the NCUA’s website with a requirement that a credit union make all submissions directly to the Appropriate Supervision Office.

Remove a parenthetical reference related to GSC that no longer counts as regulatory capital. §702.414(c) would be revised by removing “(“discounted secondary capital” re-categorized as Subordinated Debt).” This change would align the rule with recent changes made to the Call Report.

[1] 86 Fed. Reg., 72807 (December 23, 2021)

[2] 84 Fed. Reg. 1608, (February 5, 2019)